0

I am building a login system in Java using a MySQL database; the passwords in the database are encrypted. When I put a plain-text password manually in the database, the system logs me in, but it fails to read the ones which are encrypted. I would like someone to help me.

Here is what I tried:

```java
package techtight;

import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.sql.*;
import java.util.logging.Level;
import java.util.logging.Logger;
import static javax.management.Query.and;
import javax.swing.JButton;
import javax.swing.JFormattedTextField;
import javax.swing.JFrame;
import javax.swing.JOptionPane;
import javax.swing.JPasswordField;
import javax.swing.JTextField;

public class myLogin extends JFrame {
    public void contentMethod() {
        JFrame myframe = new JFrame("login Techtight");
        myframe.setLayout(null);
        myframe.setSize(200, 170);

        myframe.setVisible(true);

        JTextField txtuser = new JTextField();
        JPasswordField txtpass = new JPasswordField();
        JButton btnLoging = new JButton("Login");
        txtuser.setBounds(40, 20, 120, 25);
        txtpass.setBounds(40, 50, 120, 25);
        btnLoging.setBounds(40, 80, 80, 30);
        myframe.add(txtuser);
        myframe.add(txtpass);
        myframe.add(btnLoging);
        // How to code the button
        btnLoging.addActionListener(new ActionListener() {
            public void actionPerformed(ActionEvent e) {
                // connect to the db
                try {
                    Connection conn;
                    String dbuser = "root";
                    String dbpassw = "12345";
                    String databasename = "taxi";
                    String url = "jdbc:mysql://localhost/taxi";
                    Class.forName("com.mysql.jdbc.Driver");
                    conn = DriverManager.getConnection(url, dbuser, dbpassw);
                    String username = txtuser.getText();
                    char[] pass = txtpass.getPassword();
                    String password = new String (pass);
                    //String password = String.copyValueOf(pass); // converting from array to string
                    //String password = txtpass.getText();
                    // Bound parameters keep the typed values out of the SQL text
                    PreparedStatement st = conn.prepareStatement(
                            "SELECT * FROM users WHERE username = ? AND password = ?");
                    st.setString(1, username);
                    st.setString(2, password);
                    ResultSet rs = st.executeQuery();
                    if (rs.next()) {
                        JOptionPane.showMessageDialog(null, "Login Succesful");
                        myframe.dispose(); // make the login form disappear
                    } else {
                        JOptionPane.showMessageDialog(null, "Login Failed ");
                        new Techtight();
                    }
                    //JOptionPane.showMessageDialog(null, "okay");

                } catch (SQLException ex) {
                    Logger.getLogger(myLogin.class.getName()).log(Level.SEVERE, null, ex);
                } catch (ClassNotFoundException ex) {
                    Logger.getLogger(myLogin.class.getName()).log(Level.SEVERE, null, ex);
                }
            }
        });
    }

    public static void main(String args[]) {
        myLogin m = new myLogin();
        m.contentMethod();
    }
}
```
Clijsters
Humphrey
  • 2
    are you sure that this is a [Minimal, Complete, and Verifiable example](https://stackoverflow.com/help/mcve)? – Clijsters Oct 12 '17 at 08:22
  • 2
    if `password` is encrypted in the database, then you need to use the encrypted `password` in your query. – juvenislux Oct 12 '17 at 08:25
  • 2
    @humphrey You would be encrypting the password with some algo; you have to encrypt your password with the same one in this case also, then you can compare. – Himanshu sharma Oct 12 '17 at 08:26
  • That makes much sense @Himanshusharma, because I have some passwords in the database encrypted in MD5 using PHP, so in Java I can access those accounts, but the ones I created in Java like (MD5(?),32) I can't access, though they have the same number of characters as those I created in PHP – Humphrey Nov 08 '17 at 07:24

2 Answers

1

You have to use the encrypted password for your query.

So you have to use the same encryption or hash function used on the stored data.

If the password in the database is SHA1 hashed, the query could look like:

```sql
SELECT * FROM users WHERE username = ? AND password = SHA1(?)
```

You could also encrypt your password before sending it to the database. Just use the Java equivalent of the encryption function.

0

In your program you are passing a non-encrypted password. I don't know how you are encrypting passwords in the database, but you should add after this:

```java
String password = new String (pass);
```

A code line responsible for encryption can look like:

```java
String encrypted_password = sha1_enc_method(password); // it could be another encryption
```

and then use the encrypted one instead of the plain-text one.

Clijsters
dgebert
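What both answers describe, written out as an added example (not code from the question or from either answer): hash the typed password in Java into the same 32-character lowercase hex form the asker's PHP-created rows hold, fetch the stored value through a bound parameter, and compare the two in Java. The class and method names are hypothetical, the `users` table and its columns come from the question, and the stored value in `main` is constructed. MD5 is used only because the existing rows use it; unsalted MD5 or SHA-1 does not adequately protect stored passwords.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.Locale;

public class HashedLoginCheck { // hypothetical class name

    // Lowercase hex MD5 of the UTF-8 bytes: the 32-character form that
    // PHP's md5() and MySQL's MD5() both produce.
    static String md5Hex(char[] password) throws Exception {
        byte[] digest = MessageDigest.getInstance("MD5")
                .digest(new String(password).getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Normalize padding and case of the stored value, then compare with
    // MessageDigest.isEqual instead of String.equals.
    static boolean matches(String storedHex, char[] typed) throws Exception {
        if (storedHex == null) return false;
        String normalized = storedHex.trim().toLowerCase(Locale.ROOT);
        return MessageDigest.isEqual(
                normalized.getBytes(StandardCharsets.US_ASCII),
                md5Hex(typed).getBytes(StandardCharsets.US_ASCII));
    }

    // Look the row up by username only; the password never enters the SQL.
    static boolean login(Connection conn, String username, char[] typed) throws Exception {
        String sql = "SELECT password FROM users WHERE username = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() && matches(rs.getString("password"), typed);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the value md5("hello") would have stored.
        String stored = "5d41402abc4b2a76b9719d911017c592";
        System.out.println(matches(stored, "hello".toCharArray()));
        System.out.println(matches(stored, "Hello".toCharArray()));
    }
}
```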